Cyware Daily Threat Intelligence, June 03, 2022

Researchers have discovered attacks targeting Confluence servers. With no patch yet available, Atlassian is telling customers to make their servers inaccessible. Meanwhile, two new malware families, Clipminer and WinDealer, also made headlines in the past 24 hours. Clipminer has helped its operators rake in over a million dollars through illicit cryptocurrency transactions.

A ransomware attack has reportedly hit SATT Sud-Est, a French firm. The attackers claim to have stolen nearly 200GB of data and have demanded a ransom of $500,000.


Top Breaches Reported in the Last 24 Hours


Data extortion grips a French firm
The Industrial Spy group claimed to have stolen data from the French firm SATT Sud-Est and is offering it for sale at $500,000. Although it began as a data extortion group, it has lately adopted ransomware tactics in its attacks. The group has escalated its extortion tactics by publicly displaying the ransom notes it sends to victims.

Mirror Protocol lost $2 million
Mirror Protocol, a DeFi platform on the Terra ecosystem, lost approximately $2 million to an exploit. The attackers abused a bug in the platform's pricing oracle. The incident was first highlighted on Mirror's forum on May 28. The stolen funds were drained from the platform's synthetic versions of Ethereum, Polkadot, and Bitcoin.

Top Malware Reported in the Last 24 Hours


Clipminer malware earned millions
Threat analysts at Symantec have uncovered a large cryptomining operation run by the operators of a new malware called Clipminer. It spreads through trojanized downloads of pirated or cracked software. The operators have made at least $1.7 million in illicit gains from mining and from theft via clipboard hijacking, in which wallet addresses copied by the victim are silently replaced with attacker-controlled ones. Researchers identified 4,375 cryptocurrency wallet addresses believed to have received stolen funds.

LuoYu actor drops WinDealer
Kaspersky followed up on findings by TeamT5 and discovered that WinDealer—deployed by the Chinese-speaking threat actor LuoYu—is delivered through a man-on-the-side attack. This technique lets an attacker observe in-transit network traffic and inject malicious payloads into it. What makes it especially dangerous is that it requires no interaction from the victim.

Threat group switches its weapon
The Evil Corp cybercrime group has been observed deploying LockBit ransomware against its targets in an attempt to sidestep the sanctions imposed on it by U.S. officials. According to Mandiant, the switch lets victims pay without risking a breach of OFAC regulations. The group previously deployed the Dridex malware.

Top Vulnerabilities Reported in the Last 24 Hours


Zero-day discovered in Atlassian Confluence
A new Atlassian Confluence zero-day, tracked as CVE-2022-26134, is being exploited by cybercriminals to deploy webshells, enabling critical remote code execution attacks. According to reports, Confluence Server and Data Center versions 7.4.0 and higher are believed to be vulnerable. Organizations using Atlassian Cloud are unaffected.

Intel exploits developed but never used
A leak analyzed by Eclypsium revealed that the possibly defunct Conti group had targeted two Intel firmware management tools, including Intel ME, for hard-to-detect attacks. The group's members had already developed PoC code for these methods roughly nine months ago. It is surmised that the criminals were planning firmware-based persistence to evade security products and device protections.

Top Scams Reported in the Last 24 Hours


Sextortion scam via BITB
The team at Zscaler uncovered a new Browser-in-the-Browser (BITB) attack in which victims are told that their sensitive information will be made public unless they pay a sextortion demand. To make the scam look legitimate, the attackers impersonate the Government of India and tell victims to pay up if they wish to avoid imprisonment.

Posted on: June 03, 2022